allen joslin edited this page Jul 10, 2017 · 8 revisions

This codebase has been abandoned in favor of Laravel

(personally, I then abandoned Laravel in favor of AdonisJS)


safeAjax is a jQuery library and PHP ajax connector pair using JSON as the communications medium between your website and your backend.

There are two reasons to use safeAjax: to bottleneck your communications so that you can apply consistent security across the board, and to allow the backend to make the decisions as to which actions/resources require login and which do not.

Encapsulating the administration and security functions on the server side of the conduit, and implementing the login functionality on the client side, removes the need for 99% of the code you might otherwise have to write to implement security. The code supports authentication levels from 0 to the chosen Authenticator's maximum numerical value, so you can adjust your security granularity from on/off to a virtually infinite number of levels.

The server-side codebase needs only to call a single [Authenticator] routine to determine whether the user has the appropriate rights to execute the requested code. If the user does not, the conduit enforces login until they supply the required credentials -- whereupon the request is completed.
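The gate-then-resume flow described above, as an added example that is not safeAjax's own code: a JavaScript model of both ends of the conduit (the real server side is PHP). Every function name, JSON field and status string in it is hypothetical, and the user record is constructed sample data.

```javascript
// Added example. All names and JSON fields here are hypothetical, not safeAjax's API.
const crypto = require('crypto');

// Constructed sample user, stored as a salted scrypt key plus an authentication level.
function makeUser(password, level) {
  const salt = crypto.randomBytes(16);
  return { salt, key: crypto.scryptSync(password, salt, 32), level };
}
const USERS = new Map([['alice', makeUser('sample-password', 5)]]);
const SESSIONS = new Map(); // session token -> authentication level
// The backend, not the page, declares what each action requires (0 = no login).
const ACTIONS = new Map([
  ['listNews', { level: 0, run: () => ['headline'] }],
  ['editPost', { level: 3, run: (a) => `edited ${a.id}` }],
  ['deleteUser', { level: 9, run: (a) => `deleted ${a.name}` }],
]);

// Server side of the conduit: the single bottleneck every JSON request passes through.
function handleRequest(json) {
  const req = JSON.parse(json);
  const reply = (status, extra) => JSON.stringify({ status, ...extra });
  if (req.action === 'login') {
    const u = USERS.get(req.user);
    const ok = u && crypto.timingSafeEqual(
      crypto.scryptSync(String(req.password), u.salt, 32), u.key);
    if (!ok) return reply('loginRequired');
    const token = crypto.randomBytes(16).toString('hex');
    SESSIONS.set(token, u.level);
    return reply('ok', { token });
  }
  const action = ACTIONS.get(req.action);
  if (!action) return reply('unknownAction');
  const known = SESSIONS.has(req.token);
  const level = known ? SESSIONS.get(req.token) : 0; // anonymous callers are level 0
  if (level < action.level) return reply(known ? 'notEnoughPrivs' : 'loginRequired');
  return reply('ok', { result: action.run(req.args || {}) });
}

// Client side: on "loginRequired", ask for credentials, then resend the original request.
function conduitCall(action, args, promptLogin, state = {}) {
  const post = (body) => JSON.parse(handleRequest(JSON.stringify(body)));
  let res = post({ action, args, token: state.token });
  for (let tries = 0; res.status === 'loginRequired' && tries < 3; tries++) {
    const login = post({ ...promptLogin(), action: 'login' });
    if (login.status !== 'ok') continue; // bad credentials: prompt again
    state.token = login.token;
    res = post({ action, args, token: state.token });
  }
  return res;
}
```

The calling page never branches on who is logged in; it only sees the final reply, which is either the result, a refusal for insufficient level, or a login that was never satisfied.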

Authenticators are supplied for Cassandra, MongoDB, MySQL, SQLite, and Algorithm. The backend code does not need to know which style is/was in use.

I wrote this JavaScript library & PHP connector pair to password-protect web pages and safeguard my ajax communications and database actions from my web pages.

It was originally based upon Chris Shiflett's article, "The Truth about Sessions" -- which proposed a best-practice method for creating/maintaining safe sessions and persisting logins via cookies.


Version 5 adds optional usage of jQuery UI and supplies all dialogs, including a not-enough-privs dialog; jqModal will be obsoleted eventually. Support for a new server-side action log has been added to aid in debugging the backend. The client-side library is now wrapped as a module suitable for CommonJS usage.

Version 4.5 extends the Authentication framework to include User Management functions (select/add/delete/update/passwordReset) -- currently implemented in Cassandra, MongoDB, MySQL, and SQLite. NOTE: this style of user management supports users creating/updating/deleting other users with lower permissions than the creator/deleter holds. As such, the most-super user needs to be inserted out-of-band -- for which purpose command-line functions are provided, to avoid the need for db management tools. The MongoDB & Cassandra classes support adding new key:values to the user tables on the fly. Added functionality now includes login/logout/isLoggedIn calls. All the old-style Authenticators have been updated, and the old-style Authentication class files are included as Deprecated for now. Pages demonstrating functionality and usability are included (index.html, actions.html, protectedPage.html, and protectedResource.html).

Version 4.2 is a full server-side reorganization with updates to the authentication methodology, including samples for code-based authentication as well as MySQL, MongoDB, & Cassandra. Client-side method names are renamed to improve readability and understanding.

Version 3 is a full client-side rewrite and updates/enhancements to the drop-in methodology (on the server side.)

Version 2 is a full server-side rewrite to create a drop-in methodology supporting painless extension of your server-side codebase.

Version 1, assembled from dev/test sources, bottlenecks your server requests to allow the server side to determine which requests need authentication and which ones don't.

Enjoy!

Al;
